<?php
session_start();
?>

<style type="text/css">
<!--
body {
	background-color: #FFFFFF;
}
-->
</style><body><?php
     include("../../MerchandiseBay/conn.php");

     	$name=$_REQUEST['name'];
		$redemptPoint = $_POST['redemptPoint'];
		$item = $_POST["redemptItem"];
		$sqlGetPoint = "select `point` from `users` where `username` ='".$name."'";
	 	$qryPoint = mysql_query($sqlGetPoint, $conn);
		$row = mysql_fetch_assoc($qryPoint);
	 	$iPoint = $row["point"];
		
		if(intval($redemptPoint,10) > intval($iPoint,10))
		{
			echo "<script type='text/javascript'>
			alert('Not enough points to redeem. Please try again.');
			window.location.assign('pointForm.php');
			</script>";
			exit;
		}
		else
		{
			$sql = "UPDATE `users` SET `point` = `point` - $redemptPoint where username = '$name'";

			$qry=mysql_query($sql,$conn);
			if($qry==true)
			{
							$redemptSql = 'INSERT INTO `redemption` (`name`, `redemption`, `point`) VALUES
							("'.$name.'", "'.$item.'", '.$redemptPoint.');';
							$qry2=mysql_query($redemptSql, $conn);
							echo  "<script language=javascript>
						   window.alert('Your redemption is sucessful. $redemptPoint points was deducted. You can take your redemption at the counter. ');
						   window.location.assign('pointForm.php');
						   </script>";
						   exit;
							
			}
			else
			{
				die  (mysql_error());
			}
		}
				 
	
	?>
